Zone firewall rejecting traffic

amigan_99 used Ask the Experts™
10:44:08.946 PST: %FW-6-DROP_PKT: Dropping tcp session on zone-pair sdm-zp-out-self class class-default due to  DROP action found in policy-map with ip ident 0

In actuality this traffic I believe is just reply traffic for https.  Not sure what the ip ident 0 reject issue is.  This is a Cisco 2811 ISR running Zone based policy firewalling.
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Top Expert 2010
Please post the policy-map, or if you are up to it a full sanitized config.

amigan_99Network Engineer


I found a work-around.  But thanks for being willing to analyze.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial